[Twisted-Python] smtp-server: issue with checkers.FilePasswordDB and hash

Lucas Taylor ltaylor.volks at gmail.com
Mon Apr 5 00:01:01 EDT 2010

On 4/4/10 5:41 PM, aleuser at inwind.it wrote:
> Hi all,
>    I use FilePasswordDB with a small smtp-server (a very small toy), but when 
> I use the hash function the authentication doesn't work.
> Here few lines of code:
> """
> def _hash(name, clearpsw, hashedpsw):
>     # a very simple hash function ?
>     return md5.md5(clearpsw).hexdigest()
>     # return 'aa'
> # doesn't work; password file content is correctly "hashed"
> smtpusers = checkers.FilePasswordDB('smtppasswords.txt', caseSensitive=True, 
> hash=_hash, cache=True)
> # work! in the file the passwords are in plain text
> #smtpusers = checkers.FilePasswordDB('smtppasswords.txt', caseSensitive=True, 
> cache=True)
> mailservice = mail.MailService()
> mailservice.setQueue(relaymanager.Queue(QUEUE_PATH))
> mailservice.smtpPortal.registerChecker(smtpusers)
> smtpserver = mailservice.getESMTPFactory()
> application = service.Application("Console SMTP Server")
> internet.TCPServer(SMTP_PORT, smtpserver).setServiceParent(application)
> """
> The error is:
> Failure: twisted.cred.error.UnhandledCredentials: No checker for twisted.cred.
> credentials.IUsernameHashedPassword
> Obviously FilePasswordDB doesn't provide that credential when there is the 
> hash function; why smtp connection is hashed and not in plaintext? How can I 
> get it works?
> I found a similar question, with no answer:
> http://twistedmatrix.com/pipermail/twisted-python/2006-November/014395.html
> Thanks
> Alessandro

Can't say for sure without a full example, but it looks like you are
providing an instance of credentials.UsernameHashedPassword to
portal.login when you should be providing a credentials.UsernamePassword

If you provide a hash function to FilePasswordDB, it only accepts
IUsernamePassword credentials. The hash function is for plaintext
passwords that need to be validated against a hashed password file.

If your passwords are already hashed before they are sent to the server
for authentication, then there is no need for a hash function.
FilePasswordDB will accept either IUsernamePassword or
IUsernameHashedPassword credentials.

The source comments make it a bit clearer:

More information about the Twisted-Python mailing list